Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/01/11 00:02:44 UTC

[1/2] Remove old APIs and old security checker plugins. Also use QuerySelector adapter in ACL search routine.

Updated Branches:
  refs/heads/rbac e6238baa3 -> e42a262f6


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
deleted file mode 100644
index 78b233d..0000000
--- a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:aop="http://www.springframework.org/schema/aop"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
-                      http://www.springframework.org/schema/context
-                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
-                      >                     
-
-    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.entity.RoleBasedEntityAccessChecker" />
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
deleted file mode 100644
index 23f25ca..0000000
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
+++ /dev/null
@@ -1,68 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.List;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.cloudstack.acl.APIChecker;
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.acl.AclService;
-import org.apache.log4j.Logger;
-
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-import com.cloud.user.User;
-import com.cloud.utils.component.AdapterBase;
-
-// This is the Role Based API access checker that grab's the  account's roles
-// based on the set of roles, access is granted if any of the role has access to the api
-@Local(value=APIChecker.class)
-public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
-
-    protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
-
-    @Inject AccountService _accountService;
-    @Inject AclService _aclService;
-
-    protected RoleBasedAPIAccessChecker() {
-        super();
-    }
-
-    @Override
-    public boolean checkAccess(User user, String commandName)
-            throws PermissionDeniedException {
-        Account account = _accountService.getAccount(user.getAccountId());
-        if (account == null) {
-            throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
-        }
-
-        List<AclPolicy> policies = _aclService.listAclPolicies(account.getAccountId());
-
-
-        boolean isAllowed = _aclService.isAPIAccessibleForPolicies(commandName, policies);
-        if (!isAllowed) {
-            throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
-        }
-        return isAllowed;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
deleted file mode 100644
index c057bc0..0000000
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
+++ /dev/null
@@ -1,131 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.entity;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.AclService;
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
-import org.apache.log4j.Logger;
-
-import com.cloud.acl.DomainChecker;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-import com.cloud.vm.VirtualMachine;
-
-public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
-
-    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
-
-    @Inject
-    AccountService _accountService;
-    @Inject
-    AclService _aclService;
-    
-    @Inject DomainDao _domainDao;
-
-    @Inject
-    AclGroupAccountMapDao _aclGroupAccountMapDao;
-
-    @Inject
-    AclPolicyPermissionDao _policyPermissionDao;
-
-
-    @Override
-    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
-            throws PermissionDeniedException {
-        return checkAccess(caller, entity, accessType, null);
-    }
-
-    @Override
-    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
-            throws PermissionDeniedException {
-
-        String entityType = entity.getEntityType().toString();
-
-        if (accessType == null) {
-            accessType = AccessType.ListEntry;
-        }
-
-        // get all Policies of this caller w.r.t the entity
-        List<AclPolicy> policies = _aclService.getEffectivePolicies(caller, entity);
-        HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
-
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermissionVO> permissions = new ArrayList<AclPolicyPermissionVO>();
-
-            if (action != null) {
-                permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(),
-                    action, entityType);
-            } else {
-                permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType);
-            }
-            for (AclPolicyPermissionVO permission : permissions) {
-                if (checkPermissionScope(caller, permission.getScope(), entity)) {
-                    if (permission.getEntityType().equals(entityType)) {
-                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
-                        break;
-                    } else if (permission.getEntityType().equals("*")) {
-                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
-                    }
-                }
-            }
-            if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
-                return true;
-            }
-        }
-
-        if (!policies.isEmpty()) { // Since we reach this point, none of the
-                                   // roles granted access
-            if (s_logger.isDebugEnabled()) {
-                s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
-                        + " for access type: " + accessType);
-            }
-            throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
-        }
-
-        return false;
-    }
-
-    private boolean checkPermissionScope(Account caller, PermissionScope scope, ControlledEntity entity) {
-        
-        if(scope.equals(PermissionScope.ACCOUNT)){
-            if(caller.getAccountId() == entity.getAccountId()){
-                return true;
-            }
-        }else if(scope.equals(PermissionScope.DOMAIN)){
-            if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
-                return true;
-            }
-        }
-        
-        return false;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java
deleted file mode 100644
index 3deea5c..0000000
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java
+++ /dev/null
@@ -1,51 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.entity;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.QuerySelector;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.AdapterBase;
-
-public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
-
-    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
-
-    @Override
-    public List<Long> getAuthorizedDomains(Account caller, String action) {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    @Override
-    public List<Long> getAuthorizedAccounts(Account caller, String action) {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    @Override
-    public List<Long> getAuthorizedResources(Account caller, String action) {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 5b894fb..7a7b84a 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -25,8 +25,6 @@ import java.util.Set;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclPolicy;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
@@ -35,8 +33,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails;
 import org.apache.cloudstack.api.ApiConstants.VMDetails;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.DiskOfferingResponse;
 import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -69,8 +65,6 @@ import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 
 import com.cloud.api.query.dao.AccountJoinDao;
-import com.cloud.api.query.dao.AclGroupJoinDao;
-import com.cloud.api.query.dao.AclPolicyJoinDao;
 import com.cloud.api.query.dao.AffinityGroupJoinDao;
 import com.cloud.api.query.dao.AsyncJobJoinDao;
 import com.cloud.api.query.dao.DataCenterJoinDao;
@@ -91,8 +85,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao;
 import com.cloud.api.query.dao.UserVmJoinDao;
 import com.cloud.api.query.dao.VolumeJoinDao;
 import com.cloud.api.query.vo.AccountJoinVO;
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclPolicyJoinVO;
 import com.cloud.api.query.vo.AffinityGroupJoinVO;
 import com.cloud.api.query.vo.AsyncJobJoinVO;
 import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -411,8 +403,6 @@ public class ApiDBUtils {
     static GlobalLoadBalancingRulesService _gslbService;
     static NetworkACLDao _networkACLDao;
     static AccountService _accountService;
-    static AclPolicyJoinDao _aclPolicyJoinDao;
-    static AclGroupJoinDao _aclGroupJoinDao;
     static ResourceMetaDataService _resourceDetailsService;
 
     @Inject
@@ -526,10 +516,6 @@ public class ApiDBUtils {
     @Inject private NetworkACLDao networkACLDao;
     @Inject private ServiceOfferingDetailsDao serviceOfferingDetailsDao;
     @Inject private AccountService accountService;
-    @Inject
-    private AclPolicyJoinDao aclPolicyJoinDao;
-    @Inject
-    private AclGroupJoinDao aclGroupJoinDao;
     @Inject private ConfigurationManager configMgr;
     @Inject private DataCenterDetailsDao zoneDetailsDao;
     @Inject private  ResourceMetaDataService resourceDetailsService;
@@ -643,8 +629,6 @@ public class ApiDBUtils {
         _statsCollector = StatsCollector.getInstance();
         _networkACLDao = networkACLDao;
         _accountService = accountService;
-        _aclPolicyJoinDao = aclPolicyJoinDao;
-        _aclGroupJoinDao = aclGroupJoinDao;
         _resourceDetailsService = resourceDetailsService;
     }
 
@@ -1520,9 +1504,6 @@ public class ApiDBUtils {
         return _userAccountJoinDao.searchByAccountId(accountId);
     }
 
-    public static List<AclGroupJoinVO> findAclGroupByAccountId(long accountId) {
-        return _aclGroupJoinDao.findAclGroupsByAccount(accountId);
-    }
 
     public static ProjectAccountResponse newProjectAccountResponse(ProjectAccountJoinVO proj) {
         return _projectAccountJoinDao.newProjectAccountResponse(proj);
@@ -1698,29 +1679,6 @@ public class ApiDBUtils {
         return _affinityGroupJoinDao.setAffinityGroupResponse(resp, group);
     }
 
-    public static List<AclPolicyJoinVO> newAclPolicyView(AclPolicy policy) {
-        return _aclPolicyJoinDao.newAclPolicyView(policy);
-    }
-
-    public static AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) {
-        return _aclPolicyJoinDao.newAclPolicyResponse(policy);
-    }
-
-    public static AclPolicyResponse fillAclPolicyDetails(AclPolicyResponse resp, AclPolicyJoinVO policy) {
-        return _aclPolicyJoinDao.setAclPolicyResponse(resp, policy);
-    }
-
-    public static List<AclGroupJoinVO> newAclGroupView(AclGroup group) {
-        return _aclGroupJoinDao.newAclGroupView(group);
-    }
-
-    public static AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) {
-        return _aclGroupJoinDao.newAclGroupResponse(group);
-    }
-
-    public static AclGroupResponse fillAclGroupDetails(AclGroupResponse resp, AclGroupJoinVO group) {
-        return _aclGroupJoinDao.setAclGroupResponse(resp, group);
-    }
 
     public static List<? extends LoadBalancer> listSiteLoadBalancers(long gslbRuleId) {
         return _gslbService.listSiteLoadBalancers(gslbRuleId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index b3f42f8..1a999ac 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -33,8 +33,6 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclPolicy;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.affinity.AffinityGroup;
@@ -45,8 +43,6 @@ import org.apache.cloudstack.api.ResponseGenerator;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.ApplicationLoadBalancerInstanceResponse;
 import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
 import org.apache.cloudstack.api.response.ApplicationLoadBalancerRuleResponse;
@@ -154,8 +150,6 @@ import org.apache.cloudstack.usage.UsageTypes;
 
 import com.cloud.api.query.ViewResponseHelper;
 import com.cloud.api.query.vo.AccountJoinVO;
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclPolicyJoinVO;
 import com.cloud.api.query.vo.AsyncJobJoinVO;
 import com.cloud.api.query.vo.ControlledViewEntity;
 import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -3707,22 +3701,6 @@ public class ApiResponseHelper implements ResponseGenerator {
         }
     }
 
-    @Override
-    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
-        List<AclPolicyJoinVO> viewPolicies = ApiDBUtils.newAclPolicyView(policy);
-        List<AclPolicyResponse> listPolicies = ViewResponseHelper.createAclPolicyResponses(viewPolicies);
-        assert listPolicies != null && listPolicies.size() == 1 : "There should be one acl policy returned";
-        return listPolicies.get(0);
-    }
-
-    @Override
-    public AclGroupResponse createAclGroupResponse(AclGroup group) {
-        List<AclGroupJoinVO> viewGroups = ApiDBUtils.newAclGroupView(group);
-        List<AclGroupResponse> listGroups = ViewResponseHelper.createAclGroupResponses(viewGroups);
-        assert listGroups != null && listGroups.size() == 1 : "There should be one acl role returned";
-        return listGroups.get(0);
-    }
-
 
     @Override
     public PortableIpRangeResponse createPortableIPRangeResponse(PortableIpRange ipRange) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index b807f4a..fd1804a 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -29,12 +29,7 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclService;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
-import org.apache.cloudstack.acl.dao.AclGroupDao;
-import org.apache.cloudstack.acl.dao.AclPolicyDao;
 import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.affinity.AffinityGroupVMMapVO;
@@ -74,8 +69,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd;
 import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
 import org.apache.cloudstack.api.command.user.zone.ListZonesCmd;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.DiskOfferingResponse;
 import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -103,8 +96,6 @@ import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.query.QueryService;
 
 import com.cloud.api.query.dao.AccountJoinDao;
-import com.cloud.api.query.dao.AclGroupJoinDao;
-import com.cloud.api.query.dao.AclPolicyJoinDao;
 import com.cloud.api.query.dao.AffinityGroupJoinDao;
 import com.cloud.api.query.dao.AsyncJobJoinDao;
 import com.cloud.api.query.dao.DataCenterJoinDao;
@@ -125,9 +116,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao;
 import com.cloud.api.query.dao.UserVmJoinDao;
 import com.cloud.api.query.dao.VolumeJoinDao;
 import com.cloud.api.query.vo.AccountJoinVO;
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclPolicyJoinVO;
-import com.cloud.api.query.vo.AclRoleJoinVO;
 import com.cloud.api.query.vo.AffinityGroupJoinVO;
 import com.cloud.api.query.vo.AsyncJobJoinVO;
 import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -218,8 +206,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
 
     public static final Logger s_logger = Logger.getLogger(QueryManagerImpl.class);
 
-    // public static ViewResponseHelper _responseGenerator;
-
     @Inject
     private AccountManager _accountMgr;
 
@@ -354,20 +340,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
     @Inject
     AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
 
-    @Inject
-    AclPolicyJoinDao _aclPolicyJoinDao;
-
-    @Inject
-    AclPolicyDao _aclPolicyDao;
-
-    @Inject
-    AclGroupJoinDao _aclGroupJoinDao;
-
-    @Inject
-    AclGroupDao _aclGroupDao;
-
-    @Inject
-    AclService _aclService;
     
     @Inject NetworkDetailsDao _networkDetailsDao;
     
@@ -3334,214 +3306,4 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         return resourceDetailResponse;
     }
 
-    @Override
-    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex, Long pageSize) {
-        Pair<List<AclPolicyJoinVO>, Integer> result = listAclPoliciesInternal(aclPolicyId, aclPolicyName, domainId, true, true, startIndex, pageSize);
-        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
-
-        List<AclPolicyResponse> roleResponses = ViewResponseHelper.createAclPolicyResponses(result.first());
-        response.setResponses(roleResponses, result.second());
-        return response;
-    }
-
-    private Pair<List<AclPolicyJoinVO>, Integer> listAclPoliciesInternal(Long aclPolicyId, String aclPolicyName, Long domainId, boolean isRecursive, boolean listAll,
-            Long startIndex,
-            Long pageSize) {
-
-        Account caller = CallContext.current().getCallingAccount();
-        Boolean listForDomain = false;
-
-        if (aclPolicyId != null) {
-            AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
-            if (policy == null) {
-                throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
-            }
-
-            _accountMgr.checkAccess(caller, null, true, policy);
-        }
-
-        if (domainId != null) {
-            Domain domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-
-            if (aclPolicyName != null) {
-                AclPolicy policy = _aclPolicyDao.findByName(domainId, aclPolicyName);
-                if (policy == null) {
-                    throw new InvalidParameterValueException("Unable to find acl policy by name " + aclPolicyName
-                            + " in domain " + domainId);
-                }
-                _accountMgr.checkAccess(caller, null, true, policy);
-            }
-        }
-
-        if (aclPolicyId == null) {
-            if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) {
-                listForDomain = true;
-                isRecursive = true;
-                if (domainId == null) {
-                    domainId = caller.getDomainId();
-                }
-            } else if (_accountMgr.isAdmin(caller.getType()) && domainId != null) {
-                listForDomain = true;
-            }
-        }
-
-        Filter searchFilter = new Filter(AclRoleJoinVO.class, "id", true, startIndex, pageSize);
-
-
-        SearchBuilder<AclPolicyJoinVO> sb = _aclPolicyJoinDao.createSearchBuilder();
-        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
-
-        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
-        sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
-        sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
-
-        if (listForDomain && isRecursive) {
-            sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
-        }
-
-        SearchCriteria<AclPolicyJoinVO> sc = sb.create();
-
-        if (aclPolicyName != null) {
-            sc.setParameters("name", aclPolicyName);
-        }
-
-        if (aclPolicyId != null) {
-            sc.setParameters("id", aclPolicyId);
-        }
-
-        if (listForDomain) {
-            if (isRecursive) {
-                Domain domain = _domainDao.findById(domainId);
-                sc.setParameters("path", domain.getPath() + "%");
-            } else {
-                sc.setParameters("domainId", domainId);
-            }
-        }
-
-
-        // search policy details by ids
-        Pair<List<AclPolicyJoinVO>, Integer> uniqueRolePair = _aclPolicyJoinDao.searchAndCount(sc, searchFilter);
-        Integer count = uniqueRolePair.second();
-        if (count.intValue() == 0) {
-            // empty result
-            return uniqueRolePair;
-        }
-        List<AclPolicyJoinVO> uniqueRoles = uniqueRolePair.first();
-        Long[] vrIds = new Long[uniqueRoles.size()];
-        int i = 0;
-        for (AclPolicyJoinVO v : uniqueRoles) {
-            vrIds[i++] = v.getId();
-        }
-        List<AclPolicyJoinVO> vrs = _aclPolicyJoinDao.searchByIds(vrIds);
-        return new Pair<List<AclPolicyJoinVO>, Integer>(vrs, count);
-    }
-
-    @Override
-    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
-        Pair<List<AclGroupJoinVO>, Integer> result = listAclGroupsInternal(aclGroupId, aclGroupName, domainId, true, true, startIndex, pageSize);
-        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
-
-        List<AclGroupResponse> groupResponses = ViewResponseHelper.createAclGroupResponses(result.first());
-        response.setResponses(groupResponses, result.second());
-        return response;
-    }
-
-    private Pair<List<AclGroupJoinVO>, Integer> listAclGroupsInternal(Long aclGroupId, String aclGroupName, Long domainId, boolean isRecursive, boolean listAll, Long startIndex,
-            Long pageSize) {
-
-        Account caller = CallContext.current().getCallingAccount();
-        Boolean listForDomain = false;
-
-        if (aclGroupId != null) {
-            AclGroup group = _aclGroupDao.findById(aclGroupId);
-            if (group == null) {
-                throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
-            }
-
-            _accountMgr.checkAccess(caller, null, true, group);
-        }
-
-        if (domainId != null) {
-            Domain domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-
-            if (aclGroupName != null) {
-                AclGroup group = _aclGroupDao.findByName(domainId, aclGroupName);
-                if (group == null) {
-                    throw new InvalidParameterValueException("Unable to find acl group by name " + aclGroupName
-                            + " in domain " + domainId);
-                }
-                _accountMgr.checkAccess(caller, null, true, group);
-            }
-        }
-
-        if (aclGroupId == null) {
-            if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) {
-                listForDomain = true;
-                isRecursive = true;
-                if (domainId == null) {
-                    domainId = caller.getDomainId();
-                }
-            } else if (_accountMgr.isAdmin(caller.getType()) && domainId != null) {
-                listForDomain = true;
-            }
-        }
-
-        Filter searchFilter = new Filter(AclGroupJoinVO.class, "id", true, startIndex, pageSize);
-
-        SearchBuilder<AclGroupJoinVO> sb = _aclGroupJoinDao.createSearchBuilder();
-        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
-
-        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
-        sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
-        sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
-
-        if (listForDomain && isRecursive) {
-            sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
-        }
-
-        SearchCriteria<AclGroupJoinVO> sc = sb.create();
-
-        if (aclGroupName != null) {
-            sc.setParameters("name", aclGroupName);
-        }
-
-        if (aclGroupId != null) {
-            sc.setParameters("id", aclGroupId);
-        }
-
-        if (listForDomain) {
-            if (isRecursive) {
-                Domain domain = _domainDao.findById(domainId);
-                sc.setParameters("path", domain.getPath() + "%");
-            } else {
-                sc.setParameters("domainId", domainId);
-            }
-        }
-
-        // search group details by ids
-        Pair<List<AclGroupJoinVO>, Integer> uniqueGroupPair = _aclGroupJoinDao.searchAndCount(sc, searchFilter);
-        Integer count = uniqueGroupPair.second();
-        if (count.intValue() == 0) {
-            // empty result
-            return uniqueGroupPair;
-        }
-        List<AclGroupJoinVO> uniqueGroups = uniqueGroupPair.first();
-        Long[] vrIds = new Long[uniqueGroups.size()];
-        int i = 0;
-        for (AclGroupJoinVO v : uniqueGroups) {
-            vrIds[i++] = v.getId();
-        }
-        List<AclGroupJoinVO> vrs = _aclGroupJoinDao.searchByIds(vrIds);
-        return new Pair<List<AclGroupJoinVO>, Integer>(vrs, count);
-    }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/ViewResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/ViewResponseHelper.java b/server/src/com/cloud/api/query/ViewResponseHelper.java
index 478cbfb..3a35c96 100644
--- a/server/src/com/cloud/api/query/ViewResponseHelper.java
+++ b/server/src/com/cloud/api/query/ViewResponseHelper.java
@@ -28,8 +28,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails;
 import org.apache.cloudstack.api.ApiConstants.VMDetails;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.DiskOfferingResponse;
 import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -54,8 +52,6 @@ import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.api.ApiDBUtils;
 import com.cloud.api.query.vo.AccountJoinVO;
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclPolicyJoinVO;
 import com.cloud.api.query.vo.AffinityGroupJoinVO;
 import com.cloud.api.query.vo.AsyncJobJoinVO;
 import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -444,36 +440,4 @@ public class ViewResponseHelper {
         }
         return new ArrayList<AffinityGroupResponse>(vrDataList.values());
     }
-
-    public static List<AclPolicyResponse> createAclPolicyResponses(List<AclPolicyJoinVO> policies) {
-        Hashtable<Long, AclPolicyResponse> vrDataList = new Hashtable<Long, AclPolicyResponse>();
-        for (AclPolicyJoinVO vr : policies) {
-            AclPolicyResponse vrData = vrDataList.get(vr.getId());
-            if (vrData == null) {
-                // first time encountering this Acl policy
-                vrData = ApiDBUtils.newAclPolicyResponse(vr);
-            } else {
-                // update vms
-                vrData = ApiDBUtils.fillAclPolicyDetails(vrData, vr);
-            }
-            vrDataList.put(vr.getId(), vrData);
-        }
-        return new ArrayList<AclPolicyResponse>(vrDataList.values());
-    }
-
-    public static List<AclGroupResponse> createAclGroupResponses(List<AclGroupJoinVO> groups) {
-        Hashtable<Long, AclGroupResponse> vrDataList = new Hashtable<Long, AclGroupResponse>();
-        for (AclGroupJoinVO vr : groups) {
-            AclGroupResponse vrData = vrDataList.get(vr.getId());
-            if (vrData == null) {
-                // first time encountering this Acl role
-                vrData = ApiDBUtils.newAclGroupResponse(vr);
-            } else {
-                // update vms
-                vrData = ApiDBUtils.fillAclGroupDetails(vrData, vr);
-            }
-            vrDataList.put(vr.getId(), vrData);
-        }
-        return new ArrayList<AclGroupResponse>(vrDataList.values());
-    }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
index da13bad..8c2b195 100644
--- a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
@@ -24,16 +24,15 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
+import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse;
 import org.apache.cloudstack.api.response.UserResponse;
 
 import com.cloud.api.ApiDBUtils;
 import com.cloud.api.query.ViewResponseHelper;
 import com.cloud.api.query.vo.AccountJoinVO;
-import com.cloud.api.query.vo.AclGroupJoinVO;
 import com.cloud.api.query.vo.UserAccountJoinVO;
 import com.cloud.configuration.Resource.ResourceType;
 import com.cloud.user.Account;
@@ -50,6 +49,8 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
     private final SearchBuilder<AccountJoinVO> acctIdSearch;
     @Inject
     public AccountManager _accountMgr;
+    @Inject
+    AclProxyService _aclProxy;
 
     protected AccountJoinDaoImpl() {
 
@@ -105,9 +106,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
         accountResponse.setObjectName("account");
         
         // add all the acl groups for an account
-        List<AclGroupJoinVO> groupsForAccount = ApiDBUtils.findAclGroupByAccountId(account.getId());
-        List<AclGroupResponse> groupResponses = ViewResponseHelper.createAclGroupResponses(groupsForAccount);
-        accountResponse.setGroups(groupResponses);
+        accountResponse.setGroups(_aclProxy.listAclGroupsByAccount(account.getId()));
 
         return accountResponse;
     }
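Review bot: The result of `_aclProxy.listAclGroupsByAccount(account.getId())` goes straight into `setGroups`, and what that call returns for an account with no groups is not visible here. The removed DAO path returned null in that case (`findAclGroupsByAccount` in the deleted AclGroupJoinDaoImpl), so the new contract should be stated on AclProxyService, for example `// returns an empty list, never null, when the account belongs to no ACL group`. The `_aclProxy` field added in the previous hunk also makes this core DAO depend on a bean whose only visible implementer is the IAM plugin's AclApiService, which presumably makes that plugin mandatory for account listing; a one-line comment on the field should say so. The enclosing method starts outside the hunk.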

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java b/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java
deleted file mode 100644
index ccebf21..0000000
--- a/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java
+++ /dev/null
@@ -1,38 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupJoinDao extends GenericDao<AclGroupJoinVO, Long> {
-
-    AclGroupResponse newAclGroupResponse(AclGroupJoinVO group);
-
-    AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO os);
-
-    List<AclGroupJoinVO> newAclGroupView(AclGroup group);
-
-    List<AclGroupJoinVO> searchByIds(Long... ids);
-
-    List<AclGroupJoinVO> findAclGroupsByAccount(long accountId);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java
deleted file mode 100644
index 355f561..0000000
--- a/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java
+++ /dev/null
@@ -1,173 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-
-import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.user.AccountManager;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-@Local(value = {AclGroupJoinDao.class})
-public class AclGroupJoinDaoImpl extends GenericDaoBase<AclGroupJoinVO, Long> implements AclGroupJoinDao {
-    public static final Logger s_logger = Logger.getLogger(AclGroupJoinDaoImpl.class);
-
-
-    private final SearchBuilder<AclGroupJoinVO> grpIdSearch;
-    private final SearchBuilder<AclGroupJoinVO> grpSearch;
-    @Inject
-    public AccountManager _accountMgr;
-    @Inject
-    public ConfigurationDao _configDao;
-    @Inject
-    public AclGroupAccountMapDao _grpAccountDao;
-
-    protected AclGroupJoinDaoImpl() {
-
-        grpSearch = createSearchBuilder();
-        grpSearch.and("idIN", grpSearch.entity().getId(), SearchCriteria.Op.IN);
-        grpSearch.done();
-
-        grpIdSearch = createSearchBuilder();
-        grpIdSearch.and("id", grpIdSearch.entity().getId(), SearchCriteria.Op.EQ);
-        grpIdSearch.done();
-
-        _count = "select count(distinct id) from acl_group_view WHERE ";
-    }
-
-
-
-    @Override
-    public AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) {
-
-        AclGroupResponse response = new AclGroupResponse();
-        response.setId(group.getUuid());
-        response.setName(group.getName());
-        response.setDescription(group.getDescription());
-        response.setDomainId(group.getDomainUuid());
-        response.setDomainName(group.getName());
-        response.setAccountName(group.getAccountName());
-        if (group.getMemberAccountId() > 0) {
-            response.addMemberAccount(group.getMemberAccountName());
-        }
-        if (group.getPolicyId() > 0) {
-            response.addPolicy(group.getPolicyName());
-        }
-
-        response.setObjectName("aclgroup");
-
-        return response;
-    }
-
-    @Override
-    public AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO group) {
-        if (group.getMemberAccountId() > 0) {
-            response.addMemberAccount(group.getMemberAccountName());
-        }
-        if (group.getPolicyId() > 0) {
-            response.addPolicy(group.getPolicyName());
-        }
-
-        return response;
-    }
-
-    @Override
-    public List<AclGroupJoinVO> newAclGroupView(AclGroup group) {
-        SearchCriteria<AclGroupJoinVO> sc = grpIdSearch.create();
-        sc.setParameters("id", group.getId());
-        return searchIncludingRemoved(sc, null, null, false);
-
-    }
-
-    @Override
-    public List<AclGroupJoinVO> searchByIds(Long... grpIds) {
-        // set detail batch query size
-        int DETAILS_BATCH_SIZE = 2000;
-        String batchCfg = _configDao.getValue("detail.batch.query.size");
-        if (batchCfg != null) {
-            DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg);
-        }
-        // query details by batches
-        List<AclGroupJoinVO> uvList = new ArrayList<AclGroupJoinVO>();
-        // query details by batches
-        int curr_index = 0;
-        if (grpIds.length > DETAILS_BATCH_SIZE) {
-            while ((curr_index + DETAILS_BATCH_SIZE) <= grpIds.length) {
-                Long[] ids = new Long[DETAILS_BATCH_SIZE];
-                for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) {
-                    ids[k] = grpIds[j];
-                }
-                SearchCriteria<AclGroupJoinVO> sc = grpSearch.create();
-                sc.setParameters("idIN", ids);
-                List<AclGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
-                if (vms != null) {
-                    uvList.addAll(vms);
-                }
-                curr_index += DETAILS_BATCH_SIZE;
-            }
-        }
-        if (curr_index < grpIds.length) {
-            int batch_size = (grpIds.length - curr_index);
-            // set the ids value
-            Long[] ids = new Long[batch_size];
-            for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) {
-                ids[k] = grpIds[j];
-            }
-            SearchCriteria<AclGroupJoinVO> sc = grpSearch.create();
-            sc.setParameters("idIN", ids);
-            List<AclGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
-            if (vms != null) {
-                uvList.addAll(vms);
-            }
-        }
-        return uvList;
-    }
-
-    @Override
-    public List<AclGroupJoinVO> findAclGroupsByAccount(long accountId) {
-        List<AclGroupAccountMapVO> grpMap = _grpAccountDao.listByAccountId(accountId);
-        if (grpMap != null && grpMap.size() > 0) {
-            Set<Long> grpList = new HashSet<Long>();
-            for (AclGroupAccountMapVO m : grpMap) {
-                grpList.add(m.getAclGroupId());
-            }
-            return searchByIds(grpList.toArray(new Long[grpList.size()]));
-        }
-        else{
-            return null;
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java b/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java
deleted file mode 100644
index 8f00464..0000000
--- a/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java
+++ /dev/null
@@ -1,37 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-
-import com.cloud.api.query.vo.AclPolicyJoinVO;
-import com.cloud.utils.db.GenericDao;
-
-
-public interface AclPolicyJoinDao extends GenericDao<AclPolicyJoinVO, Long> {
-
-    AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO role);
-
-    AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO os);
-
-    List<AclPolicyJoinVO> newAclPolicyView(AclPolicy role);
-
-    List<AclPolicyJoinVO> searchByIds(Long... ids);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
deleted file mode 100644
index 7929c3a..0000000
--- a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
+++ /dev/null
@@ -1,157 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.api.response.AclPermissionResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-
-import com.cloud.api.query.vo.AclPolicyJoinVO;
-import com.cloud.user.AccountManager;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-@Local(value = {AclPolicyJoinDao.class})
-public class AclPolicyJoinDaoImpl extends GenericDaoBase<AclPolicyJoinVO, Long> implements AclPolicyJoinDao {
-    public static final Logger s_logger = Logger.getLogger(AclPolicyJoinDaoImpl.class);
-
-
-    private final SearchBuilder<AclPolicyJoinVO> policyIdSearch;
-    private final SearchBuilder<AclPolicyJoinVO> policySearch;
-    @Inject
-    public AccountManager _accountMgr;
-    @Inject
-    public ConfigurationDao _configDao;
-
-    protected AclPolicyJoinDaoImpl() {
-
-        policySearch = createSearchBuilder();
-        policySearch.and("idIN", policySearch.entity().getId(), SearchCriteria.Op.IN);
-        policySearch.done();
-
-        policyIdSearch = createSearchBuilder();
-        policyIdSearch.and("id", policyIdSearch.entity().getId(), SearchCriteria.Op.EQ);
-        policyIdSearch.done();
-
-        _count = "select count(distinct id) from acl_policy_view WHERE ";
-    }
-
-
-
-    @Override
-    public AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) {
-
-        AclPolicyResponse response = new AclPolicyResponse();
-        response.setId(policy.getUuid());
-        response.setName(policy.getName());
-        response.setDescription(policy.getDescription());
-        response.setDomainId(policy.getDomainUuid());
-        response.setDomainName(policy.getName());
-        response.setAccountName(policy.getAccountName());
-        if (policy.getPermissionAction() != null) {
-            AclPermissionResponse perm = new AclPermissionResponse();
-            perm.setAction(policy.getPermissionAction());
-            perm.setEntityType(policy.getPermissionEntityType());
-            perm.setScope(policy.getPermissionScope());
-            perm.setScopeId(policy.getPermissionScopeId());
-            perm.setPermission(policy.getPermissionAllowDeny());
-            response.addPermission(perm);
-        }
-
-        response.setObjectName("aclpolicy");
-        return response;
-    }
-
-    @Override
-    public AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO policy) {
-        if (policy.getPermissionAction() != null) {
-            AclPermissionResponse perm = new AclPermissionResponse();
-            perm.setAction(policy.getPermissionAction());
-            perm.setEntityType(policy.getPermissionEntityType());
-            perm.setScope(policy.getPermissionScope());
-            perm.setScopeId(policy.getPermissionScopeId());
-            perm.setPermission(policy.getPermissionAllowDeny());
-            response.addPermission(perm);
-        }
-        return response;
-    }
-
-    @Override
-    public List<AclPolicyJoinVO> newAclPolicyView(AclPolicy policy) {
-        SearchCriteria<AclPolicyJoinVO> sc = policyIdSearch.create();
-        sc.setParameters("id", policy.getId());
-        return searchIncludingRemoved(sc, null, null, false);
-
-    }
-
-    @Override
-    public List<AclPolicyJoinVO> searchByIds(Long... policyIds) {
-        // set detail batch query size
-        int DETAILS_BATCH_SIZE = 2000;
-        String batchCfg = _configDao.getValue("detail.batch.query.size");
-        if (batchCfg != null) {
-            DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg);
-        }
-        // query details by batches
-        List<AclPolicyJoinVO> uvList = new ArrayList<AclPolicyJoinVO>();
-        // query details by batches
-        int curr_index = 0;
-        if (policyIds.length > DETAILS_BATCH_SIZE) {
-            while ((curr_index + DETAILS_BATCH_SIZE) <= policyIds.length) {
-                Long[] ids = new Long[DETAILS_BATCH_SIZE];
-                for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) {
-                    ids[k] = policyIds[j];
-                }
-                SearchCriteria<AclPolicyJoinVO> sc = policySearch.create();
-                sc.setParameters("idIN", ids);
-                List<AclPolicyJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
-                if (vms != null) {
-                    uvList.addAll(vms);
-                }
-                curr_index += DETAILS_BATCH_SIZE;
-            }
-        }
-        if (curr_index < policyIds.length) {
-            int batch_size = (policyIds.length - curr_index);
-            // set the ids value
-            Long[] ids = new Long[batch_size];
-            for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) {
-                ids[k] = policyIds[j];
-            }
-            SearchCriteria<AclPolicyJoinVO> sc = policySearch.create();
-            sc.setParameters("idIN", ids);
-            List<AclPolicyJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
-            if (vms != null) {
-                uvList.addAll(vms);
-            }
-        }
-        return uvList;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index d2caf67..22e72b4 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -57,18 +57,6 @@ import org.apache.cloudstack.api.command.admin.account.DisableAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.EnableAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.LockAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
-import org.apache.cloudstack.api.command.admin.acl.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.admin.acl.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAclPolicyFromAclGroupCmd;
 import org.apache.cloudstack.api.command.admin.autoscale.CreateCounterCmd;
 import org.apache.cloudstack.api.command.admin.autoscale.DeleteCounterCmd;
 import org.apache.cloudstack.api.command.admin.cluster.AddClusterCmd;
@@ -2880,18 +2868,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
         cmdList.add(ReplaceNetworkACLListCmd.class);
         cmdList.add(UpdateNetworkACLItemCmd.class);
         cmdList.add(CleanVMReservationsCmd.class);
-        cmdList.add(CreateAclPolicyCmd.class);
-        cmdList.add(DeleteAclPolicyCmd.class);
-        cmdList.add(ListAclPoliciesCmd.class);
-        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
-        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
-        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
-        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
-        cmdList.add(CreateAclGroupCmd.class);
-        cmdList.add(DeleteAclGroupCmd.class);
-        cmdList.add(ListAclGroupsCmd.class);
-        cmdList.add(AddAccountToAclGroupCmd.class);
-        cmdList.add(RemoveAccountFromAclGroupCmd.class);
         return cmdList;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index adabec6..15d0c55 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -46,6 +46,7 @@ import org.apache.cloudstack.acl.AclPolicyPermission;
 import org.apache.cloudstack.acl.AclService;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -263,6 +264,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
     private AclService _aclService;
 
     @Inject
+    QuerySelector _aclQuerySelector;  // we assume that there should be one type of QuerySelector adapter
+
+    @Inject
     private AclPolicyPermissionDao _aclPolicyPermissionDao;
 
     @Inject
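Review bot: `_aclQuerySelector` is injected as a single bean, so the assumption in its trailing comment is enforced only by container wiring. With no QuerySelector bean deployed, or with a second one registered, injection into AccountManagerImpl would presumably fail at startup rather than fall back to a default. Because this field now drives the ACL search scoping further down, the expectation deserves a comment above the field, e.g. `// Exactly one QuerySelector adapter must be deployed; ACL search scoping in this class depends on it.` The field is also package-private while the neighbouring `_aclService` is `private`; `private QuerySelector _aclQuerySelector;` would match.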
@@ -2490,16 +2494,16 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             // search for policy permissions associated with caller to get all his authorized domains, accounts, and resources
             // Assumption: if a domain is in grantedDomains, then all the accounts under this domain will not be returned in "grantedAccounts". Similarly, if an account
             // is in grantedAccounts, then all the resources owned by this account will not be returned in "grantedResources".
-            boolean grantedAll = _aclService.isGrantedAll(caller.getId(), action);
+            boolean grantedAll = _aclQuerySelector.isGrantedAll(caller, action);
             if ( grantedAll ){
                 if ( domainId != null ){
                     permittedDomains.add(domainId);
                 }
             }
             else {
-                List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(), action);
-                List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(), action);
-                List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(), action);
+                List<Long> grantedDomains = _aclQuerySelector.getAuthorizedDomains(caller, action);
+                List<Long> grantedAccounts = _aclQuerySelector.getAuthorizedAccounts(caller, action);
+                List<Long> grantedResources = _aclQuerySelector.getAuthorizedResources(caller, action);
 
                 if (domainId != null) {
                     // specific domain is specified
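Review bot: The principal handed to the ACL lookup changes from `caller.getId()` to the whole `caller`, and the selector added in this commit derives the id with `caller.getAccountId()` (see `isGrantedAll` in RoleBasedEntityQuerySelector). If those two accessors can differ for any Account implementation, policies would be resolved for a different principal than before, so the equivalence should be confirmed and recorded next to the call, e.g. `// QuerySelector resolves policies by caller.getAccountId()`. The assumption comment above this block (a granted domain excludes its accounts from `grantedAccounts`) was written for `_aclService` and now has to hold for every QuerySelector implementation, which is better stated on the interface. The code consuming the three `getAuthorized*` lists continues outside the hunk, so whether a null result is tolerated cannot be judged from here.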

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
index 78b233d..66f5253 100644
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
+++ b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
@@ -27,6 +27,8 @@
                       http://www.springframework.org/schema/context/spring-context-3.0.xsd"
                       >                     
 
-    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.entity.RoleBasedEntityAccessChecker" />
+    <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
+    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
+    <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
 
 </beans>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
index e32b2d1..3e76a7e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
@@ -23,8 +23,6 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMService;
@@ -99,5 +97,19 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
         return entityIds;
     }
 
+    @Override
+    public boolean isGrantedAll(Account caller, String action) {
+        long accountId = caller.getAccountId();
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        // for each policy, find granted permission with ALL scope
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
+            if (pp != null && pp.size() > 0) {
+                return true;
+            }
+        }
+        return false;
+    }
 
 }
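Review bot: `isGrantedAll` returns true as soon as any permission entry with ALL scope exists for the action, without checking whether that entry allows or denies. Unless `listPolicyPermissionsByScope` already filters to allow entries (not visible here), a deny entry with ALL scope attached to the caller would be read as a grant of everything, which is a fail-open answer to an authorization query. The loop should return true only for entries whose permission is Allow, with a comment such as `// a Deny entry with ALL scope must not count as a grant`. `policies` is also dereferenced without the null guard that `pp` gets; `if (policies == null) { return false; }` before the loop keeps the method fail-closed.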

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
index 3d7bb3c..273c383 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.acl.api;
 
 import java.util.List;
 
+import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@@ -28,8 +29,9 @@ import org.apache.cloudstack.iam.api.AclPolicyPermission;
 import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 
 import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
 
-public interface AclApiService {
+public interface AclApiService extends AclProxyService, PluggableService {
 
     /* ACL group related interfaces */
     AclGroup createAclGroup(Account caller, String aclGroupName, String description);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 3fca5d5..8a1d70f 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -27,6 +27,18 @@ import org.apache.log4j.Logger;
 import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.acl.api.command.AddAccountToAclGroupCmd;
+import org.apache.cloudstack.acl.api.command.AddAclPermissionToAclPolicyCmd;
+import org.apache.cloudstack.acl.api.command.AttachAclPolicyToAclGroupCmd;
+import org.apache.cloudstack.acl.api.command.CreateAclGroupCmd;
+import org.apache.cloudstack.acl.api.command.CreateAclPolicyCmd;
+import org.apache.cloudstack.acl.api.command.DeleteAclGroupCmd;
+import org.apache.cloudstack.acl.api.command.DeleteAclPolicyCmd;
+import org.apache.cloudstack.acl.api.command.ListAclGroupsCmd;
+import org.apache.cloudstack.acl.api.command.ListAclPoliciesCmd;
+import org.apache.cloudstack.acl.api.command.RemoveAccountFromAclGroupCmd;
+import org.apache.cloudstack.acl.api.command.RemoveAclPermissionFromAclPolicyCmd;
+import org.apache.cloudstack.acl.api.command.RemoveAclPolicyFromAclGroupCmd;
 import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.acl.api.response.AclPermissionResponse;
 import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@@ -100,6 +112,16 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
         return _iamSrv.listAclGroups(accountId);
     }
 
+    @Override
+    public List<String> listAclGroupsByAccount(long accountId) {
+        List<AclGroup> groups = listAclGroups(accountId);
+        List<String> groupNames = new ArrayList<String>();
+        for (AclGroup grp : groups) {
+            groupNames.add(grp.getName());
+        }
+        return groupNames;
+    }
+
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
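Review bot: `listAclGroupsByAccount` takes only an account id, so unlike `createAclGroup(Account caller, ...)` in the same service it has no way to check who is asking, and the group names of any account are returned to whichever component calls it. If the method is meant for internal callers only, state that on the method, e.g. `// internal use: no caller check here, call sites must authorize access to accountId`. The loop also dereferences the result of `listAclGroups(accountId)` directly; whether that can be null is not visible in this hunk, and if it can, returning an empty list would be the safer contract.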
@@ -330,4 +352,21 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
         return response;
     }
 
+    @Override
+    public List<Class<?>> getCommands() {
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(CreateAclPolicyCmd.class);
+        cmdList.add(DeleteAclPolicyCmd.class);
+        cmdList.add(ListAclPoliciesCmd.class);
+        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
+        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
+        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
+        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
+        cmdList.add(CreateAclGroupCmd.class);
+        cmdList.add(DeleteAclGroupCmd.class);
+        cmdList.add(ListAclGroupsCmd.class);
+        cmdList.add(AddAccountToAclGroupCmd.class);
+        cmdList.add(RemoveAccountFromAclGroupCmd.class);
+        return cmdList;
+    }
 }


[2/2] git commit: updated refs/heads/rbac to e42a262

Posted by mc...@apache.org.
Remove old APIs and old security checker plugins. Also use QuerySelector
adapter in ACL search routine.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e42a262f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e42a262f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e42a262f

Branch: refs/heads/rbac
Commit: e42a262f6cd9cd3535f5ad458b5e63d16dec8e6a
Parents: e6238ba
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jan 10 14:54:31 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Jan 10 14:54:31 2014 -0800

----------------------------------------------------------------------
 .../apache/cloudstack/acl/AclProxyService.java  |   9 +
 .../apache/cloudstack/acl/QuerySelector.java    |   7 +
 .../cloudstack/api/ResponseGenerator.java       |   8 -
 .../admin/acl/AddAccountToAclGroupCmd.java      | 121 ----------
 .../acl/AddAclPermissionToAclPolicyCmd.java     | 144 -----------
 .../admin/acl/AttachAclPolicyToAclGroupCmd.java | 121 ----------
 .../command/admin/acl/CreateAclGroupCmd.java    | 162 -------------
 .../command/admin/acl/CreateAclPolicyCmd.java   | 169 -------------
 .../command/admin/acl/DeleteAclGroupCmd.java    |  96 --------
 .../command/admin/acl/DeleteAclPolicyCmd.java   |  96 --------
 .../api/command/admin/acl/ListAclGroupsCmd.java |  82 -------
 .../command/admin/acl/ListAclPoliciesCmd.java   |  82 -------
 .../admin/acl/RemoveAccountFromAclGroupCmd.java | 121 ----------
 .../RemoveAclPermissionFromAclPolicyCmd.java    | 141 -----------
 .../acl/RemoveAclPolicyFromAclGroupCmd.java     | 121 ----------
 .../api/response/AccountResponse.java           |   6 +-
 .../api/response/AclGroupResponse.java          | 168 -------------
 .../api/response/AclPermissionResponse.java     | 125 ----------
 .../api/response/AclPolicyResponse.java         | 156 ------------
 .../apache/cloudstack/query/QueryService.java   |   8 -
 plugins/acl/role-based-access-checkers/pom.xml  |  32 ---
 .../module.properties                           |  18 --
 ...g-acl-role-based-access-checkers-context.xml |  32 ---
 .../acl/api/RoleBasedAPIAccessChecker.java      |  68 ------
 .../entity/RoleBasedEntityAccessChecker.java    | 131 ----------
 .../entity/RoleBasedEntityQuerySelector.java    |  51 ----
 server/src/com/cloud/api/ApiDBUtils.java        |  42 ----
 server/src/com/cloud/api/ApiResponseHelper.java |  22 --
 .../com/cloud/api/query/QueryManagerImpl.java   | 238 -------------------
 .../com/cloud/api/query/ViewResponseHelper.java |  36 ---
 .../cloud/api/query/dao/AccountJoinDaoImpl.java |   9 +-
 .../cloud/api/query/dao/AclGroupJoinDao.java    |  38 ---
 .../api/query/dao/AclGroupJoinDaoImpl.java      | 173 --------------
 .../cloud/api/query/dao/AclPolicyJoinDao.java   |  37 ---
 .../api/query/dao/AclPolicyJoinDaoImpl.java     | 157 ------------
 .../com/cloud/server/ManagementServerImpl.java  |  24 --
 .../src/com/cloud/user/AccountManagerImpl.java  |  12 +-
 ...g-acl-role-based-access-checkers-context.xml |   4 +-
 .../acl/RoleBasedEntityQuerySelector.java       |  16 +-
 .../cloudstack/acl/api/AclApiService.java       |   4 +-
 .../cloudstack/acl/api/AclApiServiceImpl.java   |  39 +++
 41 files changed, 90 insertions(+), 3036 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/acl/AclProxyService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclProxyService.java b/api/src/org/apache/cloudstack/acl/AclProxyService.java
new file mode 100644
index 0000000..c49693d
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/AclProxyService.java
@@ -0,0 +1,9 @@
+package org.apache.cloudstack.acl;
+
+import java.util.List;
+
+public interface AclProxyService {
+
+    List<String> listAclGroupsByAccount(long accountId);
+
+}
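Review bot: AclProxyService.java is added without the ASF license header that the other sources in this commit carry (see the header on the removed command classes), which a license audit of the tree would be expected to flag. The interface and `listAclGroupsByAccount` also have no Javadoc. A short description saying that the method returns the names of the ACL groups the account belongs to, and whether the result may be null or empty, would tell implementers what callers rely on.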

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/acl/QuerySelector.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/QuerySelector.java b/api/src/org/apache/cloudstack/acl/QuerySelector.java
index 56bf982..75fedb3 100644
--- a/api/src/org/apache/cloudstack/acl/QuerySelector.java
+++ b/api/src/org/apache/cloudstack/acl/QuerySelector.java
@@ -54,5 +54,12 @@ public interface QuerySelector extends Adapter {
     */
     List<Long> getAuthorizedResources(Account caller, String action);
 
+    /**
+     * Check if this account is associated with a policy with scope of ALL
+     * @param caller account to check
+     * @param action action.
+     * @return true if this account is attached with a policy for the given action of ALL scope.
+     */
+    boolean isGrantedAll(Account caller, String action);
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/ResponseGenerator.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
index 4bb2907..e47773e 100644
--- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java
+++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
@@ -22,8 +22,6 @@ import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclPolicy;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.ApiConstants.HostDetails;
@@ -31,8 +29,6 @@ import org.apache.cloudstack.api.ApiConstants.VMDetails;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.AutoScalePolicyResponse;
@@ -440,8 +436,4 @@ public interface ResponseGenerator {
 
     IsolationMethodResponse createIsolationMethodResponse(IsolationType method);
 
-    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
-    AclGroupResponse createAclGroupResponse(AclGroup group);
-
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java
deleted file mode 100644
index 854f2b3..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
-    private static final String s_name = "addaccounttoaclgroupresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.addAccountsToGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding accounts to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index 6a634be..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,144 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
-    private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        // Only explicit ALLOW is supported for this release, no explicit deny
-        AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow);
-        if (result != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_GRANT;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "granting permission to acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index 33cb59f..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
-    private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getPolicyIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding acl roles to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
deleted file mode 100644
index d6d965f..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,162 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
-    private static final String s_name = "createaclgroupresponse";
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
-    private String name;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
-        if (grp != null) {
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclGroup result = _aclService.createAclGroup(account, name, description);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl group";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
deleted file mode 100644
index b423dab..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,169 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
-    private static final String s_name = "createaclpolicyresponse";
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
-    private String name;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
-    private Long parentPolicyId;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public Long getParentPolicyId() {
-        return parentPolicyId;
-    }
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
-        if (policy != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl policy";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
deleted file mode 100644
index 661b9ed..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
-    private static final String s_name = "deleteaclgroupresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclService.deleteAclGroup(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
deleted file mode 100644
index d7216fa..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
-    private static final String s_name = "deleteaclpolicyresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclService.deleteAclPolicy(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl role";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
deleted file mode 100644
index 881b65a..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
-    private static final String s_name = "listaclgroupsresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
-    private String aclGroupName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclGroupName() {
-        return aclGroupName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclGroupResponse> response = _queryService.listAclGroups(id, aclGroupName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
deleted file mode 100644
index 7c9cdbe..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
-    private static final String s_name = "listaclpoliciesresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
-    private String aclPolicyName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclPolicyName() {
-        return aclPolicyName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclPolicyResponse> response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index d5c5c7c..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaccountfromaclgroupresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.removeAccountsFromGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing accounts from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index 84d3530..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,141 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
-    private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
-        if (result != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_REVOKE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing permission from acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index 4b92a1e..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaclpolicyfromaclgroupresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getRoleIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing acl roles from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/response/AccountResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AccountResponse.java b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
index da52368..e6e055d 100644
--- a/api/src/org/apache/cloudstack/api/response/AccountResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
@@ -188,8 +188,8 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
     private Boolean isDefault;
 
     @SerializedName(ApiConstants.ACL_GROUPS)
-    @Param(description = "the list of acl groups that account belongs to", responseObject = AclGroupResponse.class)
-    private List<AclGroupResponse> groups;
+    @Param(description = "the list of acl groups that account belongs to")
+    private List<String> groups;
 
     @Override
     public String getObjectId() {
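Review bot: The `groups` field is now serialised as bare strings under `ApiConstants.ACL_GROUPS`, but its `@Param` description still reads "the list of acl groups that account belongs to", so a client cannot tell whether each entry is a group name or a group UUID. The code that fills the list is outside this hunk; if it supplies names, say so, e.g. `@Param(description = "the names of the acl groups that account belongs to")`. If it supplies ids, they should presumably be the external UUIDs rather than internal database ids, since callers may use them in later authorization-related requests. The change from an object list to a string list also alters the wire format of the account response for existing consumers, and the same type change appears in `setGroups` in the next hunk (`@@ -439,7 +439,7 @@`). The class body starts and ends outside both hunks.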
@@ -439,7 +439,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
         this.isDefault = isDefault;
     }
 
-    public void setGroups(List<AclGroupResponse> groups) {
+    public void setGroups(List<String> groups) {
         this.groups = groups;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java b/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java
deleted file mode 100644
index b0c54e8..0000000
--- a/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclGroup.class)
-public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl group")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl group")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl group")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl group")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl role")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
-    @Param(description = "account names assigned to this acl group ")
-    private Set<String> accountNameList;
-
-    @SerializedName(ApiConstants.ACL_POLICIES)
-    @Param(description = "acl policies attached to this acl group ")
-    private Set<String> policyNameList;
-
-    public AclGroupResponse() {
-        accountNameList = new LinkedHashSet<String>();
-        policyNameList = new LinkedHashSet<String>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public void setMemberAccounts(Set<String> accts) {
-        accountNameList = accts;
-    }
-
-    public void addMemberAccount(String acct) {
-        accountNameList.add(acct);
-    }
-
-    public void setPolicyList(Set<String> policies) {
-        policyNameList = policies;
-    }
-
-    public void addPolicy(String policy) {
-        policyNameList.add(policy);
-    }
-
-    public Set<String> getPolicyList() {
-        return policyNameList;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclGroupResponse other = (AclGroupResponse)obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java b/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java
deleted file mode 100644
index ad928dc..0000000
--- a/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.AclPolicyPermission;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
-    @SerializedName(ApiConstants.ACL_ACTION)
-    @Param(description = "action of this permission")
-    private String action;
-
-    @SerializedName(ApiConstants.ENTITY_TYPE)
-    @Param(description = "the entity type of this permission")
-    private AclEntityType entityType;
-
-    @SerializedName(ApiConstants.ACL_SCOPE)
-    @Param(description = "scope of this permission")
-    private PermissionScope scope;
-
-    @SerializedName(ApiConstants.ACL_SCOPE_ID)
-    @Param(description = "scope id of this permission")
-    private Long scopeId;
-
-    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
-    @Param(description = "allow or deny of this permission")
-    private AclPolicyPermission.Permission permission;
-
-    public AclEntityType getEntityType() {
-        return entityType;
-    }
-
-    public void setEntityType(AclEntityType entityType) {
-        this.entityType = entityType;
-    }
-
-    public String getAction() {
-        return action;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public PermissionScope getScope() {
-        return scope;
-    }
-
-    public void setScope(PermissionScope scope) {
-        this.scope = scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-    public void setScopeId(Long scopeId) {
-        this.scopeId = scopeId;
-    }
-
-    public AclPolicyPermission.Permission getPermission() {
-        return permission;
-    }
-
-    public void setPermission(AclPolicyPermission.Permission permission) {
-        this.permission = permission;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((action == null) ? 0 : action.hashCode());
-        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
-        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
-        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPermissionResponse other = (AclPermissionResponse) obj;
-        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
-            return false;
-        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
-            return false;
-        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
-            return false;
-        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
-            return false;
-        }
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java b/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java
deleted file mode 100644
index 6527fa4..0000000
--- a/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java
+++ /dev/null
@@ -1,156 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl policy")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl policy")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl policy")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl policy")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl policy")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_PERMISSIONS)
-    @Param(description = "set of permissions for the acl policy")
-    private Set<AclPermissionResponse> permissionList;
-
-    public AclPolicyResponse() {
-        permissionList = new LinkedHashSet<AclPermissionResponse>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    public Set<AclPermissionResponse> getPermissionList() {
-        return permissionList;
-    }
-
-    public void setPermissionList(Set<AclPermissionResponse> perms) {
-        permissionList = perms;
-    }
-
-    public void addPermission(AclPermissionResponse perm) {
-        permissionList.add(perm);
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPolicyResponse other = (AclPolicyResponse) obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/api/src/org/apache/cloudstack/query/QueryService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/query/QueryService.java b/api/src/org/apache/cloudstack/query/QueryService.java
index 9c9274f..a9fce34 100644
--- a/api/src/org/apache/cloudstack/query/QueryService.java
+++ b/api/src/org/apache/cloudstack/query/QueryService.java
@@ -44,8 +44,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd;
 import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
 import org.apache.cloudstack.api.command.user.zone.ListZonesCmd;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.DiskOfferingResponse;
 import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -127,10 +125,4 @@ public interface QueryService {
 
     ListResponse<DomainRouterResponse> searchForInternalLbVms(ListInternalLBVMsCmd cmd);
 
-    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
-            Long domainId, Long startIndex, Long pageSize);
-
-    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
-            Long domainId, Long startIndex, Long pageSize);
-
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/pom.xml b/plugins/acl/role-based-access-checkers/pom.xml
deleted file mode 100644
index 06cee20..0000000
--- a/plugins/acl/role-based-access-checkers/pom.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
-  http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-  <artifactId>cloud-plugin-acl-role-based-access-checkers</artifactId>
-  <name>Apache CloudStack Plugin - ACL Role Based Access Checkers</name>
-  <parent>
-    <groupId>org.apache.cloudstack</groupId>
-    <artifactId>cloudstack-plugins</artifactId>
-    <version>4.3.0-SNAPSHOT</version>
-    <relativePath>../../pom.xml</relativePath>
-  </parent>
-</project>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e42a262f/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties b/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
deleted file mode 100644
index 206e1b0..0000000
--- a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-name=acl-role-based-access-checkers
-parent=api
\ No newline at end of file